CLAIMS

What is claimed is:

1. A method of authenticating a subject, comprising:

using one or a plurality of biometric measurements for authentication
without any sharing of the subject's biometric data.

2. The method according to claim 1, further comprising:

storing said biometric data in an individual unit, said individual unit
belonging to said subject.

3. The method according to claim 2, wherein said individual unit is portable
for being carried by said subject.

4. The method according to claim 2, wherein said individual unit is
non-portable.

5. The method according to claim 2, wherein said individual unit comprises
one of a smart card, a personal area network (PAN) tool, and an apparatus
linked to a network.

6. The method according to claim 1, further comprising:

after said authentication, selectively obtaining access to any of a
location, a service, and an option in a service by said subject.

7. The method according to claim 1, further comprising:

generating at least one of a password and another authentication
procedure based on biometric authentication locally under the subject's
control.

8. The method according to claim 7, further comprising:

securely storing the biometric on an apparatus carried by said subject.

9. The method according to claim 1, further comprising:

generating at least one of a password and another authentication
procedure based on at least one biometric feature extracted locally under the
subject's control.

10. The method according to claim 9, wherein said generating is performed
without storing the subject's biometric feature.

11. The method according to claim 9, further comprising:

deriving said at least one of the password and the another
authentication procedure from the biometric extracted locally when
authentication is required.

12. The method according to claim 7, further comprising:

deriving said at least one of the password and the another
authentication procedure from compressed biometrics extracted locally under
the subject's control or from a network, when authentication is required.

13. The method according to claim 7, further comprising:

managing multiple passwords and authentication procedures, by at
least one of:

monitoring an authentication request;

identifying a requestor;

generating at least one of a new password and an
authentication procedure for a new requester;

storing the authentication procedure generation method and
the identity of the requestor in a secure manner; and

authenticating the user for known requesters using the stored
procedure and the result of the local authentication procedure.



14. A method of authenticating a characteristic of a subject, without
compromising privacy of the subject, comprising:

using at least one of a plurality of authentication methods including
personal information of the subject, a biometric of the subject, a password, a
personal identification number (PIN) and a secured component; and

simultaneously with said using, said subject maintaining
confidentiality of authentication information and withholding said
authentication information from the other party.

15. The method according to claim 14, further comprising: 

generating at least one of a password and another authentication
procedure based on authentication locally under the subject's control.

16. The method according to claim 15, further comprising:

securely storing authentication information on an apparatus locally
under the subject's control.

17. The method according to claim 15, further comprising:

deriving said at least one of the password and the another
authentication procedure from the local authentication when authentication is
required.

18. The method according to claim 16, further comprising:

securely storing the authentication information on the apparatus using
at least one of a knowledge-based information, a possession-based
information, a password-based information, and a biometric-based
information.

19. The method according to claim 14, further comprising:

selectively completing the authentication with a remote service using
a communication port and protocol.

20. A method for secure authentication of a subject, comprising:

selectively requesting any of a password and a knowledge-based
information from said subject; and

simultaneously with said selectively requesting, interrogating
biometric information of the subject, said biometric information being carried
by said subject.

21. The method according to claim 20, further comprising:

using said biometric information to generate said password.

22. The method according to claim 20, further comprising:

performing biometric data verification by a device associated with
said subject,

wherein said biometric data verification activates a password-
controlled authentication mechanism which transfers information, but which
withholds sufficient information so that the biometric is not revealed, to a
party requiring authentication.



23. The method according to claim 21, wherein obtaining said password is
performed by using at least one of an encryption and secure hashing.

24. The method according to claim 20, wherein a device is carried by the
subject to be authorized to perform a task,

wherein at a moment of authorization, said device is presented to a
reader of an authorizing machine of an entity seeking authentication, which
prompts said device for a password for authorization to be given, and

wherein said device reads a biometric of said subject using a sensor
included in the device and computes the password.

25. The method according to claim 24, wherein said device allows the
password to be read by the authorizing machine.

26. The method according to claim 25, wherein said password is read in a
contacting manner.

27. The method according to claim 25, wherein said password is read in a
contact-free manner.

28. The method according to claim 24, further comprising:

using one of a hashing and a mapping technique, which is stable with
respect to variations of the biometric extracted, said using including mapping
regions of a biometric-print space, to the password having been computed.

29. The method according to claim 28, wherein said using includes:

measuring a biometric-print of the subject by ranking biometric prints
of N subsets of M biometrics,

wherein an index of a top ranking of each of the N subsets is used in
computing the password.

30. The method according to claim 24, further comprising:

storing on the device information regarding a previous authentication
including a biometric-print of the subject.

31. The method according to claim 20, further comprising:

encrypting a biometric-print using the subject's biometric and
personal knowledge onto a device carried by said subject.

32. The method according to claim 20, further comprising:

providing a unique non-duplicable authentication mechanism on a
device associated with said subject, said authentication mechanism being
constructed so as to be completely independent of the biometric,

wherein said authentication mechanism is prevented from accessing
the biometric itself.

33. The method according to claim 32, wherein said device associated with
said subject produces a correct password only when the device reads a
biometric from the subject.

34. The method according to claim 20, wherein biometric information for a
plurality of subjects is stored in a device associated with the subject.

35. An apparatus for secure authentication, without compromising privacy of
a subject, comprising:

a reader, associated with the subject, for reading a specified biometric
of said subject; and

a password generator for producing a password needed based on said
biometric.



36. The apparatus according to claim 35, wherein said password generator
includes an encryption device using at least one of encryption and secure
hashing.



37. An apparatus for secure authentication, comprising:

means, associated with a subject, for reading specified biometric of
said subject; and

means for producing a password needed based on said biometric,
without providing access to said biometric by anyone other than said subject.

38. The apparatus according to claim 37, wherein said means for producing
said password includes an encryption device using at least one of encryption
and secure hashing.

39. A method of identifying a subject, comprising:

using one or a plurality of biometric measurements for identification
without any sharing of the subject's biometric data.

40. The method of claim 39, wherein a subject's identity is determined
locally, under the subject's control, by having the subject provide at least one
of a user ID and by biometric identification of the subject among enrolled
authorized subjects, and

wherein said identification produces a set of N best matches for N
subsets, and an index formed by concatenation of the N indices uniquely
identifies the subject.

41. A method for identification of a subject, comprising:

selectively requesting any of a password and a knowledge-based
information from said subject; and

simultaneously with said selectively requesting, interrogating
biometric information of the subject, said biometric information being carried
by said subject.

42. The method of claim 41, wherein a subject's identity is determined
locally, under the subject's control, by having the subject provide at least one
of a user ID and by biometric identification of the subject among enrolled
authorized subjects, and

wherein said identification produces a set of N best matches for N
subsets, and an index formed by concatenation of the N indices uniquely
identifies the subject.

43. An apparatus for identification of a subject, comprising:

a reader, associated with the subject, for reading a specified biometric
of said subject; and

a password generator for producing a password needed based on said
biometric.

44. The apparatus according to claim 43, further comprising:

means for storing data of said biometric in an individual unit, said
individual unit belonging to said subject.

45. The apparatus according to claim 44, wherein said individual unit is
portable for being carried by said subject.

46. The apparatus according to claim 44, wherein said individual unit is
non-portable.

47. The apparatus according to claim 44, wherein said individual unit
comprises one of a smart card, a personal area network (PAN) tool, and an
apparatus linked to a network.

48. The apparatus according to claim 44, wherein a subject's identity is
determined locally, under the subject's control, by having the subject provide
at least one of a user ID and by biometric identification of the subject among
enrolled authorized subjects being read by said reader, and

wherein said identification produces a set of N best matches for N
subsets, and an index formed by concatenation of the N indices uniquely
identifies the subject.
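
Added illustration, not part of the claims as filed: a sketch of the variation-stable mapping of claims 28 and 29 and of the N-index concatenation of claims 40, 42 and 48. The 2-D feature vectors, the Euclidean ranking, the HMAC-SHA-256 step, the device secret and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import math

# Constructed sample data: N = 3 subsets, each holding M = 4 reference prints,
# modelled here as 2-D feature vectors (an assumption; real features differ).
SUBSETS = [
    [(0.0, 0.0), (0.0, 4.0), (4.0, 0.0), (4.0, 4.0)],
    [(1.0, 1.0), (1.0, 5.0), (5.0, 1.0), (5.0, 5.0)],
    [(2.0, 0.0), (2.0, 3.0), (6.0, 0.0), (6.0, 3.0)],
]

def ranked(measured, subset):
    """Indices of one subset's reference prints, closest to `measured` first."""
    return sorted(range(len(subset)), key=lambda i: math.dist(measured, subset[i]))

def top_indices(measured, subsets=SUBSETS):
    """Top-ranking index in each of the N subsets (one region per subset)."""
    return tuple(ranked(measured, s)[0] for s in subsets)

def min_margin(measured, subsets=SUBSETS):
    """Smallest gap between best and second-best distance over all subsets.
    A small value means the reading sits near a region boundary, where sensor
    noise can flip an index and change the derived password."""
    gaps = []
    for s in subsets:
        first, second = ranked(measured, s)[:2]
        gaps.append(math.dist(measured, s[second]) - math.dist(measured, s[first]))
    return min(gaps)

def derive_password(measured, device_secret, requester, subsets=SUBSETS):
    """Hash the concatenated N indices, keyed with a device secret (hypothetical)
    and bound to the requester; the raw measurement never enters the output.
    The indices alone carry only N*log2(M) bits, hence the keyed hash."""
    indices = ",".join(map(str, top_indices(measured, subsets)))
    label = requester.encode() + b"|" + indices.encode()
    return hmac.new(device_secret, label, hashlib.sha256).hexdigest()
```

A device using such a mapping would re-read the sensor when `min_margin` falls below a chosen threshold rather than emit a password from an unstable reading.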